Chief Compliance Officers, General Counsels and other business executives have long been pushing regulators to provide clarity around the FCPA and more consistent (and appropriately fair) enforcement. Well, companies finally have something reasonably definitive to look at which shows how a well-constructed compliance program implemented in good faith can have extremely positive consequences – it’s the recent Morgan Stanley case, which we’ll get to in a moment.

At the other end of the spectrum is the Wal-Mart fiasco. You know the story – senior Wal-Mart executives knew of millions of dollars being paid to government officials in Mexico to aid expansion in that country, but shut down an investigation. The Justice Department and Securities and Exchange Commission are all over this, and things will not go well for the company. The last thing the DOJ or SEC looks favorably on is executives not reporting a suspected or known violation, and not conducting a full and comprehensive internal investigation. Now proxy advisory firms ISS and Glass Lewis, as well as major public pension funds, are recommending that Wal-Mart shareholders vote against members of the board of directors for neglecting their responsibilities. And there are indications the bribery might extend beyond the Mexican subsidiary. The stock price has taken a hit, the company faces potentially huge fines, executives could wind up in prison, and investors are suing. As is often the case, it’s not so much the bad action, but the cover-up. And it’s also whether the system, here the compliance process, was well designed, implemented and maintained.

Now to Morgan Stanley. The DOJ and SEC have long said that in enforcement actions they give credit to companies for already having a good compliance system in place, but we’ve seen little direct evidence of that. But now we have a game changer. The problems at Morgan Stanley reportedly arose when Garth Peterson, a managing director, successfully pushed for the firm to sell a real estate interest to a Chinese state-owned company, but it turned out to be a shell company in which Peterson had a direct interest, with related cash payments to himself and a Chinese official. Peterson pleaded guilty, facing a potential six-figure fine and five years in prison. But what happened to Morgan Stanley, or didn’t, is the real story here. The DOJ and SEC decided not to bring an enforcement action against the company. The reason – Morgan Stanley has had a strong compliance system, including relevant internal controls. It regularly updated controls to reflect risks of misconduct, and provided extensive training to its personnel, compliance reminders, annual confirmations by personnel, and continuous monitoring. And, when evidence of misconduct surfaced, the firm immediately began and conducted a thorough investigation.

So, there we have two well-known brand-name companies, one of which is likely to pay a high price, the other none at all and whose reputation is enhanced. The message now is clearer than ever. Engage in a cover-up, and deal with forceful regulators and angry shareholders. Have an effective compliance system and do the right thing, and the regulators and others will indeed look favorably upon the company.

Les opened with an energy level high as always! Mark gave a great insight into the financial transformation IBM has gone through and the road ahead. Alison delivered a keynote where the whole room hung on her every word. Astonishing how Alison can present and what an inspiring lady she is.

Michael Zerbs has been appointed as the new leader to run the IBM Risk Analytics organization. Michael was the President and COO of Algorithmics. He is a recognized expert in risk management for market and credit risk, and has an in-depth understanding of the key risk management challenges that the financial industry faces today. He has authored several papers on pricing models and risk management and is a co-author of Mark-to-Future: A Framework for Measuring Risk and Reward.

Market Analysts impressed by IBM Risk Portfolio

Many analysts could be found in Orlando. It was mentioned that IBM has by far the best risk analytics portfolio in the market.

Operational risk is still strong as ever but Policy & Compliance management, IT Risk & Governance and Audit capabilities have grown to such a maturity level that IBM is top in Risk Analytics.

Customers are expanding on their GRC Environment

Clients speaking at the 2 main event days were all expanding their platform to multi-discipline risk. Especially risk convergence, standardization, enterprise risk management, IT Risk & Compliance and Fraud & Financial Crimes were topics that came across many times.

IBM implemented OpenPages

IBM has implemented OpenPages itself, and demonstrated that on day 2. Deborah Dunagan, IBM Transformation Executive, demonstrated how IBM reduced its risk cycle times by 30% using IBM OpenPages!

With all this excitement we are looking forward to another great year and client success in Risk Analytics.

As a compliance officer, you’re dealing with increased regulation and expectations, while related resources are subject to budgetary constraints. Yes, senior managements read the headlines and recognize the reputational and related risks associated with legal and regulatory compliance. But what I and others see are compliance functions having to do more, often without a commensurate increase in resources.

These observations are consistent with a recent Thomson Reuters survey of financial services companies’ compliance professionals. The survey shows that compliance officers are struggling to keep up with increasing demands of global regulation – where rapidly growing regulations and increasing responsibilities, together with limited resources and constrained budgets, are causing compliance personnel to reach a “saturation point.” A whopping 84 percent of respondents say they expect to deal with more information from regulators and exchanges this year, with almost half expecting the level to be "significantly higher." The increase is expected to come from such events as splitting of the U.K. Financial Services Authority, added regulatory power of the European Supervisory Authorities, expansion of new and existing U.S. regulatory agencies resulting from Dodd-Frank, and expanded enforcement of such regulations as the U.K. Bribery Act and the U.S. Foreign Account Tax Compliance Act.

The survey results show that compliance responsibilities and expectations are diverging from realistic capabilities. For instance, with a key objective being to coordinate with other company professionals involved with regulatory risk, over half of compliance professionals say they spend less than one hour weekly with internal audit colleagues, and one third spend less than one hour per week with legal and risk professionals. And while 70 percent of respondents expect the cost of senior compliance staff to increase this year, only 11 percent of companies expect a significant increase in budgets.

Also interesting is the statement that: “While keeping executive management informed of regulatory issues is a key part of the compliance role, more than a quarter of respondents say they spend less than one hour a week reporting to their boards. In the U.S., more than half of the companies surveyed spend less than one hour a week reporting to their boards. This raises concerns about whether executive management is being kept sufficiently informed on compliance issues.” Well, it’s not entirely clear from this as to the extent of interaction between compliance officers and senior management – one hour a week with the board may be just fine, as long as there’s significant interaction directly with executive management.

In any event, what we see is compliance departments already working at a fast pace with high efficiency, but they face risks going forward if responsibilities and resources aren’t recalibrated to be in sync.

A key theme at Vision 2012, IBM’s three-day user conference for Finance and Risk professionals, is how organizations can leverage enterprise risk information to make better decisions while balancing the demands for risk oversight and regulatory compliance.

The current complex and dynamic regulatory environment is a particular challenge for risk and compliance directors. For instance, while organizations covered by Dodd-Frank must respond to current regulatory reporting requirements, less than a third of the associated rule-making has been finished.

So, risk and compliance professionals must put in place an approach to meet regulatory requirements that can easily adapt over time as regulations evolve, and this approach includes the capability to adapt internal policies to keep pace with the evolving regulatory environment.

This new solution enhances the ability to make risk-aware business decisions, enables companies to react more quickly to regulatory changes through better policy management, and decreases costs and complexity of compliance.

Leveraging the IBM Cognos business intelligence platform, OpenPages 6.1 delivers interactive reports and dashboards that allow business managers to turn that risk information into insight and insight into better business outcomes.

In this session I will take you through the most common questions I received from our customers facing Basel II and Solvency II. I will help you understand the challenges from an Operational Risk perspective and speak about how my clients have overcome these challenges.

Risk Convergence, Risk Adoption, Risk Monitoring, Loss Registration, Risk Reporting and Dashboarding and Regulatory Reporting are topics that will be discussed in this session.

We know the Justice Department and SEC in recent years revved up enforcement of the Foreign Corrupt Practices Act, which certainly has gotten the close and widespread attention of the business community. With the vast majority of U.S. companies large and small operating globally, general counsels, compliance officers, boards of directors, and other business executives are focusing on related risks and controls. And now the U.S. Chamber of Commerce’s Institute for Legal Reform, noting that companies want to comply with provisions of the FCPA but unclear enforcement makes it challenging, thinks "it is common sense that the rules of the road are clarified." As such, the Chamber has put forth five recommendations: Adding a compliance defense, limiting liability for the prior actions of an acquired company, adding a “willfulness” requirement for corporate criminal liability, limiting liability for acts of a subsidiary, and defining what constitutes a "foreign official."

It appeared these proposals might gain some traction, and then along came Wal-Mart. The charges of bribery in Mexico and subsequent cover-up seem to have dampened interest in modifying, or some would say softening, the FCPA and related enforcement. Certainly Wal-Mart has put tremendous effort into successfully lobbying legislators in both parties – and supporting the President’s initiatives in health coverage and pollution control, and the First Lady’s on healthy foods to combat childhood obesity – all of which may serve the company in good stead in containing political fallout. But we can also expect notoriety around the Wal-Mart case to signal the continued relevance of the Act and deflect efforts to weaken it.

It seems there’s an interesting analogy here, where the Wal-Mart bribery case might be to the FCPA what WorldCom was to Sarbanes-Oxley. After Enron imploded, there was stirring inside the Beltway about need for legislation, but nothing much was expected to happen – until a few months later when the WorldCom fiasco hit the headlines, thereby generating momentum that turned into a rush to get a law passed. In this instance, it may well be the converse – a law that might have been weakened is more likely to stay as is, with continued strong enforcement by regulators. We’ll stay tuned to see what transpires.

The head of the SEC's Office of Compliance Inspections and Examinations, Carlo di Florio, recently spoke about what his 900 professionals look for in conducting examinations of a wide range of financial institutions – noting the OCIE is breaking new ground. In carrying out its mission to improve compliance, prevent fraud, monitor risk, and inform policy, di Florio's office is expanding its focus to include boards of directors. In considering a firm's compliance culture, the OCIE is entering into direct discussions with boards of directors, to get a sense of the board's as well as senior management's attention to and focus on regulatory compliance issues. di Florio didn't name names, but media reports say such discussions already have taken place with the likes of Goldman, Morgan Stanley, Barclays and Wells Fargo. He did say that the new focus is due in part to the fact that a firm's compliance culture is an "elusive concept and a real challenge," having a huge impact on the extent to which a firm engages in ethical conduct, also noting the need to integrate compliance within risk governance processes.

If you've encountered Carlo di Florio, you may have observed a soft spoken, gentle demeanor and charming personality. But that shouldn't be misinterpreted for anything less than a hard-nosed and rigorous approach on the part of him and his staff. Having worked with him in our “past life,” I can assure you that he is not only thoughtful and creative in approach, he can be relentless in pursuing objectives.

OCIE's approach is multifold, focusing first on review of a firm's policies and related procedures, including policy management and flexibility in dealing with evolving conditions. There's focus on effectiveness of communication and training, and on such matters as how a firm assigns responsibility and handles accountability. Also in its sights are monitoring and testing processes, protocols for communicating issues upstream, and internal whistleblower processes. di Florio notes that the better the internal processes, the less OCIE will need to do. Highlighting its insightfulness, OCIE looks at such critical matters as where the power lies – the business side or legal/compliance – how bonus pools are allocated, independence of compliance staff, and involvement in critical decision-making. Also, the extent of compliance contributions of business units in performance assessment and reward processes is considered.

With all this, the focus on board of directors is consistent with attention to the tone at the top of a firm. Carlo di Florio is moving the lines, and I've no doubt he and his staff will have a sharper focus on and greater insight into what drives compliance.
